05 Dec 2013

Two million Facebook, Twitter and Gmail Passwords Stolen

More than 2 million credentials were compromised in a global phishing campaign that affected users from 92 countries, according to security company Trustwave.

Among the stolen usernames and passwords, 318,000 were Facebook login credentials, 70,000 were from Gmail, Google+ and Youtube accounts, 60,000 belonged to Yahoo email accounts and 22,000 were for Twitter accounts.

A botnet controller located in the Netherlands apparently installed keylogger software on users’ computers and recorded their personal data while it was typed. A total of 1,580,000 website login credentials, 320,000 email accounts and 41,000 FTP account credentials were copied and sent to a proxy server controlled by hackers.

The companies were publicly notified of the breach. Payroll company ADP, Facebook, LinkedIn and Twitter informed the affected users and reset some of the passwords, reports CNN.com.

“Phishing attacks are usually associated with malware so, out of an abundance of caution, ADP is requiring a password reset for the approximately 2,400 clients whose credentials were impacted by this campaign,” according to an ADP statement. “To our knowledge, none of ADP’s clients has been adversely affected by the compromised credentials.”

ADP is one of the largest providers of business outsourcing solutions with approximately 620,000 clients in more than 125 countries.